package fr.web325.filter;

import fr.web325.bean.User;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@WebFilter(filterName = "Verification", urlPatterns = {"/shop/admin/*"})
public class Verification implements Filter {

    public void init(FilterConfig config)   {
    }

    public void destroy() {
    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        // 1 强制转换
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // 2判断是否具有权限
        User user = (User) request.getSession().getAttribute("user");

        if (user != null && "超级用户".equals(user.getRole())) {
            // 3.放行
            chain.doFilter(request, response);
            return;
        }

        response.sendRedirect(request.getContextPath() + "/shop/error/privilege.jsp");
    }
}
